Security tips for Mobile Banking and WeChat official account

Security tips for Mobile Banking

How to download Personal Mobile Banking Apps?

  • Personal Mobile Banking provides various banking and securities services. You can:
    • BOCHK - search “BOCHK > More > e-Banking Service > BOCHK Mobile Application” to download the Apps;
    • Search "BOCHK中銀香港" (Bank of China (Hong Kong)) for free download of the Apps through the online App stores (Google Play, App Store and Huawei AppGallery).
    • If there are suspicious App for downloading, please do not log in and stop proceeding the download immediately.
  • To ensure the search wording is correct and prevent from downloading any counterfeit Apps which is attached with phishing program / Trojan to steal the login information.
  • Do not reproduce and install any suspicious Apps on your mobile devices.
  • If there is any abnormal operation, e.g. suspicious pop up pages or a delay login, please stop the operation immediately.

 

Is Mobile Banking secure?

  • Company's website is protected with strong encryption (128-bit SSL). Access is protected by personalised user name and password. The system is protected from duplicate access, i.e. customers cannot log in the system at the same time using different mobile devices. The session will be automatically disconnected after remaining inactive over a period of time to prevent unauthorised transaction.


How can I access and log in Mobile Banking?

  • To ensure secure transactions, please download BOCHK Mobile Application from official application stores or BOCHK website, to log in Mobile Banking. Details
  • You can also visit the following URLs with the browser in your mobile handset and log in Mobile Banking using your relevant Internet Banking number/user name and password.
Bank Mobile Banking URLs
Bank of China (Hong Kong) https://m.bochk.com
Chiyu Banking Corporation Limited https://m.chiyubank.com

 

Have you obtained any security certification for your Mobile Banking? 

  • We have obtained the certificate issued by VeriSign, "m.bochk.com, Bank of China (Hong Kong) Ltd" for our Mobile Banking. 


What should I be aware of when using Mobile Banking? 

  • Do not save or keep your password in a browser, and disable the "Auto-Complete" feature to prevent any third party from unauthorised access to your login information via the browser.
  • Avoid logging in Mobile Banking via wireless network (i.e. Wi-Fi) which is public or without password setting. We advise using encrypted and reliable mobile internet connection.
  • Activate the auto-lock function of your mobile devices and avoid logging in Mobile Banking in a crowded area and be careful when inputting your password via specific mobile devices. The format of password may be enlarged with clear display. It would indirectly disclose your login information to other people.
  • Disable any wireless network functions (e.g. Wi-Fi, Bluetooth, NFC) or Payment Apps not in use. Choose encrypted networks when using Wi-Fi and disable Wi-Fi auto-connection settings.
  • Avoid using mobile devices from other to log in Mobile Banking and sharing your mobile devices with others.
  • It is recommended to setup firewall and install anti-virus software / mobile security App in your mobile devices and update regularly. You can visit HKCERT website for reference: https://www.hkcert.org/mobile-security-tools, to select the appropriate Apps.
  • To protect your online transactions, we will check whether your mobile devices are jailbroken or rooted and with recommended operating systems for minimum security requirements upon using of the Bank's Mobile App. You may not be allowed to access Mobile Banking via such devices. Please pay attention to the reminder.
  • Please check your last login and logout records every time you use our Mobile Banking. You should also check your account balance and transaction records regularly. If there are suspicious transactions, please contact us immediately.
  • You should ensure proper protection of your password and personal information and hold accountability of this:
  • Please download and install the latest version of the Bank's Mobile App, other Mobile Apps, operating systems and browsers regularly in the official App stores (Google Play and App Store) or our website. Do not install Mobile Apps from mistrusted sources. If there is any suspicious App, please do not download and stop the operation immediately.
  • You should use all reasonable care to keep your mobile devices secure. If you find that your mobile devices have been lost or stolen or that any unauthorised transactions have occurred, you should contact us immediately.


What should I be aware of when using Biometric Authentication service?

  • Upon the successful registration of the “Biometric Authentication” service on your mobile devices, any fingerprint or Face ID that being stored on your mobile device can be used for the purpose of the “Biometric Authentication” service. You must ensure that only your fingerprint or Face ID is stored on your mobile devices, and ensure the security of the security codes as well as the passwords or codes that you can use to store your fingerprint or Face ID and register the “Biometric Authentication” service on your mobile devices.
  • For security reasons, do not use jailbroken or rooted mobile devices.
  • You can cancel the “Biometric Authentication” service by disabling the option of "Enable Biometric Authentication Login and Use Mobile Token" via "Setting > Mobile Token Setting" after logging in Mobile Banking or contacting our customer service hotline or accessing any of our branches to "suspend mobile token". Please note that after you cancel the “Biometric Authentication” service, your fingerprint or Face ID will be continuously stored on your designated mobile devices. You may consider cancelling the data at your own decision.
  • If your fingerprint or Face ID record of your designated mobile devices has been changed or the “Biometric Authentication” service has not been used for a specified period of time (which shall be defined by the Bank from time to time), your “Biometric Authentication” service will be suspended. You are required to re-register or re-activate the “Biometric Authentication” service.
  • You must not use “Biometric Authentication” if you have reasonable belief that other people may share identical or very similar biometric credentials of you. For instance, you must not use facial recognition for authentication purpose if you have identical twin or triplet siblings.
  • You must not use “Biometric Authentication” if the relevant biometric credentials of you are or will be undergoing rapid development or change. For instance, you must not use facial recognition for authentication purpose if you are an adolescent with facial features undergoing rapid development.

What if there is an incoming call or weak signal when I am placing an instruction? How can I ensure the instruction has been submitted?

  • If your instruction has been successfully submitted and executed, a transaction reference number will be displayed on the webpage of Mobile Banking. You can also check the last ten transaction records as to whether the instruction has been successfully submitted and executed.
     

Do I need to close the web browser after logging out Mobile Banking?

  • You are advised to close the web browser after logging out and delete the temporarily saved and past historical records on a regular basis.

Security tips for WeChat official account

In order to ensure the services and information are provided by our company, please refer to the following registered WeChat ID when searching for the WeChat official accounts. Please do not disclose your personal and account information to any unauthorised WeChat account(s). Should you have any queries, please contact the company’s staff immediately.

The company has registered the following WeChat ID:

Bank Name WeChat ID
Bank of China (Hong Kong) Limited “BOCHK” BOCHK_Banking
BOCHK_CC
BOCHKresearch
BOCHK_SEA
Chiyu Banking Corporation Limited “Chiyu” Chiyu_Bank

Points to note when using WeChat official account?

  • When performing account binding, user is required to set up a 8-digit “WeChat password” of which three or more consecutive numbers and “12345678” are not accepted. User should take necessary prudential measures to safeguard your password, please do not disclose your password to anyone (including the company’s staff).
  • Please do not access WeChat official account via hyperlinks or QR Code embedded in any emails or SMS.
  • Please do not input personal sensitive information into WeChat dialogue box. The company will not ask user to provide account number, password and personal information via WeChat dialogue box.
  • For more details of account binding, please input "Account Binding Service Directory" into WeChat dialogue box for enquiry.
  • For enquiry, security issues report and unbinding account request, please call:BOCHK Personal Customer Service Hotline +852 3988 2388, Chiyu +852 2232 3625.
  • To ensure customer data security, the recommended operating systems and browsers are as follows:
    • iOS 8.2 or above (Default browser), WeChat 6.3.18 or above
    • Android 5.0 or above (Default browser), WeChat 6.3.18 or above
  • Please download and install updates and patches for your Apps, operating systems and browsers regularly.